diff --git a/aws.cfc b/aws.cfc
index 2a63c4c..a7f6a11 100644
--- a/aws.cfc
+++ b/aws.cfc
@@ -54,7 +54,8 @@ component {
 string defaultRegion = '',
 struct constructorArgs = { },
 struct httpProxy = { server: '', port: 80 },
- string libraryMapping = ''
+ string libraryMapping = '',
+ string token = ''
 ) {
 if ( len( arguments.libraryMapping ) && mid( arguments.libraryMapping, len( arguments.libraryMapping ), 1 ) != '.' ) {
 arguments.libraryMapping &= '.';
@@ -65,7 +66,8 @@ component {
 awsSecretKey,
 defaultRegion,
 httpProxy,
- libraryMapping
+ libraryMapping,
+ token
 );
 for ( var service in variables.services ) {
diff --git a/com/api.cfc b/com/api.cfc
index cda1082..3bf61f6 100644
--- a/com/api.cfc
+++ b/com/api.cfc
@@ -10,11 +10,12 @@ component accessors="true" {
 required string awsKey,
 required string awsSecretKey,
 required string defaultRegion,
- struct httpProxy = { server: '', port: 80 }
+ struct httpProxy = { server: '', port: 80 },
+ string token = ''
 ) {
 variables.utils = new utils();
 variables.httpService = server.keyExists( 'lucee' ) ? new httpLucee( utils, httpProxy ) : new httpColdFusion( utils, httpProxy );
- variables.credentials = new credentials( awsKey, awsSecretKey, this );
+ variables.credentials = new credentials( awsKey, awsSecretKey, this, token );
 variables.signer = new signature_v4( this );
 variables.defaultRegion = arguments.defaultRegion.len() ? arguments.defaultRegion : utils.getSystemSetting( 'AWS_DEFAULT_REGION',
diff --git a/com/credentials.cfc b/com/credentials.cfc
index 363b56b..78c4b29 100644
--- a/com/credentials.cfc
+++ b/com/credentials.cfc
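Review bot: In the second aws.cfc hunk (`@@ -65,7 +66,8 @@`) `token` is appended after `libraryMapping` in what looks like a positional argument list, but the `init` in com/api.cfc changed by this same commit declares `token` directly after `httpProxy` and shows no `libraryMapping` parameter. If this call constructs that component (its opening line is outside the hunk), the fifth positional value, `libraryMapping`, binds to `token` and the caller's real token is dropped, so a non-empty library mapping alone would switch on the metadata credential lookup in com/credentials.cfc. Passing the values as named arguments, for example `token = arguments.token`, or adding a matching `libraryMapping` parameter to the callee before `token`, would keep the two signatures aligned.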
@@ -3,14 +3,15 @@ component {
 public any function init(
 string awsKey = '',
 string awsSecretKey = '',
- any api
+ any api,
+ string token = ''
 ) {
 variables.api = api;
 variables.iamRolePath = '169.254.169.254/latest/meta-data/iam/security-credentials/';
 variables.ecsEndpoint = '169.254.170.2';
 variables.iamRole = '';
 variables.credentialPath = '';
- variables.credentials = resolveCredentials( awsKey, awsSecretKey );
+ variables.credentials = resolveCredentials( awsKey, awsSecretKey, token );
 return this;
 }
@@ -36,10 +37,23 @@ component {
 private function resolveCredentials(
 awsKey,
- awsSecretKey
+ awsSecretKey,
+ string token = ''
 ) {
 var credentials = defaultCredentials( awsKey, awsSecretKey );
+ if(len(token)){
+ try {
+ variables.iamRole = requestIamRole();
+ if ( iamRole.len() ) {
+ variables.credentialPath = iamRolePath & iamRole;
+ refreshCredentials( credentials );
+ }
+ } catch ( any e ) {
+ // pass
+ }
+ }
+
 if ( len( credentials.awsKey ) && len( credentials.awsSecretKey ) ) {
 return credentials;
 }
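Review bot: In `resolveCredentials` (hunk `@@ -36,10 +37,23 @@`) the new `token` argument is only tested with `len(token)`; its value is never stored or handed to `defaultCredentials( awsKey, awsSecretKey )`, so if it is meant to be a session token it never reaches the credentials used for signing. A non-empty value instead triggers `requestIamRole()` and `refreshCredentials( credentials )` against the instance metadata path, which, depending on what `refreshCredentials` does (not visible here), may replace the caller-supplied key pair with the instance role's identity. The `catch ( any e ) { // pass }` also hides a failed lookup, so the fallback to the static keys leaves no trace; replacing `// pass` with `writeLog( type = 'warning', text = 'IAM role credential lookup failed: ' & e.message );` would record it without logging the token. A short comment on the parameter stating what `token` represents would remove the ambiguity; the rest of `resolveCredentials` continues past the end of the hunk.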